The big news this week was that Colombia’s healthcare system was severely disrupted by a ransomware attack on Keralty, one of the country’s largest healthcare providers.

Patients had to wait more than twelve hours for treatment, and people fainted due to lack of medical attention.

The Keralty attack was carried out by the RansomHouse ransomware operation, which claims to have stolen 3TB of data in the attack.

Other news this week includes an increase in attacks by the rebranded Trigona ransomware operation and reports of a new data wiper named CryWiper targeting local government agencies in Russia.

Zscaler has also released an excellent Black Basta technical analysis, and the FBI revealed that the Cuba ransomware gang collected $60 million from more than 100 victims.

Contributors and those who provided new ransomware information and stories this week include: @BleepinComputer, @LawrenceAbrams, @FourBytes, @demonslay335, @struppigel, @PolarToffee, @serghei, @fwosar, @DanielGallagher, @jorntvdw, @billtoulas, @Seifreed, @VK_Intel, @malwareforme, @malwhunterteam, @Ionut_Ilascu, @kaspersky, @xfalexx, @hyperconnected, @kennethdee, @pcrisk, @pushecx, and @BrettCallow.

November 26, 2022

Ransomware gang targets Belgian municipality and hits police instead

The Ragnar Locker ransomware gang released stolen data from what they thought was the municipality of Zwijndrecht, but it turned out to have been stolen from Zwijndrecht police, a local police unit in Antwerp, in Belgium.

November 28, 2022

New variants of Dharma ransomware

PCrisk found new variants of Dharma ransomware that add the .just or .CRASH extension to encrypted files.

New variants of Xorist ransomware

PCrisk has found new Xorist ransomware variants that add the .ety or .lUUUUUUUUU extensions to encrypted files.

New Variant of Chaos Ransomware

PCrisk has found a new Chaos ransomware variant that adds the .BAD extension and drops a ransom note named read_it.txt.

November 29, 2022

Trigona ransomware spotted in surge of attacks worldwide

A previously unnamed ransomware has been rebranded as ‘Trigona’, launching a new Tor trading site where its operators accept Monero as ransom payment.

November 30, 2022

Keralty ransomware attack affects Colombian healthcare system

Multinational healthcare organization Keralty suffered a RansomHouse ransomware attack on Sunday, disrupting the websites and operations of the company and its subsidiaries.

New STOP ransomware variants

PCrisk has found new STOP ransomware variants that add the .uyro and .uyit extensions.

New variant of MedusaLocker ransomware

PCrisk has found a new variant of MedusaLocker that adds the .encrypt extension and drops a ransom note named !-Recovery_Instructions-!.html.

New DATAF Locker ransomware

PCrisk has found a new DATAF Locker ransomware that adds the .dataf extension and drops a ransom note named How to restore your files.txt.

December 1, 2022

FBI: Cuba ransomware reaped $60 million from over 100 victims

The FBI and CISA revealed in a new joint security advisory that the Cuba ransomware gang had collected more than $60 million in ransoms as of August 2022 after compromising more than 100 victims worldwide.

Back in black… Basta

Zscaler ThreatLabz has tracked the major ransomware families and their tactics, techniques, and procedures (TTPs), including the BlackBasta ransomware family. On November 16, 2022, ThreatLabz identified new BlackBasta ransomware samples that had significantly lower antivirus detection rates. The latest BlackBasta code has many differences from the original BlackBasta ransomware.

December 2, 2022

New CryWiper malware wipes data in attack on Russian organization

A previously undocumented data wiper named CryWiper poses as ransomware, extorting victims to pay for a decryptor, but in reality it simply destroys data beyond recovery.

Seattle-area debt collector allegedly compromised data of 3.7 million people

A Lynnwood, Wash.-based debt collection company was sued for compromising the names and social security information of more than 3.7 million people in an April 2021 data breach.

That's it for this week! I hope everyone is having a good weekend!